PUP.4Shared.A

Analysis Report

General information

Family Name: PUP.4Shared.A
Signature status: No Signature

Known Samples

MD5: b13078ae03e1db7ee0ded98c0794ee04
SHA1: c40425f3e218d90ffba5a3c62b1c16b995c6ea28
SHA256: A5C0A5FE37A83DDD86658006E39B6B1359E3B2C4D0A61B46B1BFE595B5DADB57
File Size: 157.91 KB, 157909 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments: Shred
Company Name: C Vital
File Description: LeaveLoadLoud
File Version: 4, 10, 40, 0
Internal Name: Floop
Legal Copyright: Conical (c)
Legal Trademarks: TM2-15
Original Filename: lltmoping.exe
Private Build: 4, 10, 40, 0
Product Name: Asper
Product Version: 4, 10, 40, 0
Special Build: 4, 10, 40, 0

File Traits

  • x86

Block Information

Total Blocks: 419
Potentially Malicious Blocks: 92
Whitelisted Blocks: 316
Unknown Blocks: 11

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\05ddc6aa91765aacacdb0a5f96df8199 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\6da548c7e5915679f87e910d6581def1_60d1ee054e7a7ba4c1893ceaa44573cb Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\05ddc6aa91765aacacdb0a5f96df8199 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\6da548c7e5915679f87e910d6581def1_60d1ee054e7a7ba4c1893ceaa44573cb Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerNameEx
  • GetUserObjectInformation
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpQueryHeaders
  • WinHttpReadData
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Encryption Used
  • BCryptOpenAlgorithmProvider
